← 返回 Skills 市场
926
总下载
0
收藏
5
当前安装
1
版本数
在 OpenClaw 中安装
/install session-handoff
功能描述
WHAT: Create comprehensive handoff documents that enable fresh AI agents to seamlessly continue work with zero ambiguity. Solves long-running agent context exhaustion problem.
WHEN: (1) User requests handoff/memory/context save, (2) Context window approaches capacity, (3) Major task milestone completed, (4) Work session ending, (5) Resuming work with existing handoff.
KEYWORDS: "save state", "create handoff", "context is full", "I need to pause", "resume from", "continue where we left off", "load handoff", "save progress", "session transfer", "hand off"
安全使用建议
This skill appears to do what it says: scaffold, validate, list, and evaluate 'handoff' markdown files using local git and filesystem checks. Before installing or running it: (1) Review the scripts yourself (they live in scripts/) if you have sensitive projects — they will create files under .claude/handoffs/ and run git commands in the project directory. (2) Be cautious running the example shell commands (env | grep, ps aux | grep) on machines with secrets; they can expose environment values or process information. (3) The README suggests installing from a GitHub URL — only run external install commands after reviewing/validating the remote repo. (4) The validator looks for likely secrets with regexes but can yield false positives/negatives, so manually verify any flagged content before committing or sharing handoffs. Overall the footprint is local and proportional to the stated purpose.
功能分析
Type: OpenClaw Skill
Name: session-handoff
Version: 0.1.0
The OpenClaw AgentSkills skill bundle is designed for legitimate context management and handoff creation. However, the `scripts/validate_handoff.py` script contains a path traversal vulnerability. Specifically, the `check_file_references` function, when parsing file paths from a handoff document, does not adequately sanitize paths, allowing `../` sequences. This could enable a malicious handoff document to check for the existence of arbitrary files outside the project directory (e.g., `/etc/passwd`) on the agent's system, leading to an information disclosure vulnerability.
能力评估
Purpose & Capability
Name/description (session handoff) match the included scripts and docs. The scripts create, validate, list, and check staleness of handoff markdown files in .claude/handoffs/, and they use git metadata — all expected for this purpose.
Instruction Scope
SKILL.md directs the agent to run the bundled Python scripts and to open/edit the generated files; scripts only inspect local repo state and files and check for secrets. Minor scope notes: quick-start commands in the resume checklist include commands like `env | grep [relevant-var]` and `ps aux | grep [process-name]` which can reveal environment variable values or process details if run verbatim — these are reasonable for debugging but operators should be careful about running them in environments where secrets or sensitive processes are present.
Install Mechanism
There is no formal install spec in the skill bundle (instruction-only at runtime), which minimizes automatic install risk. README includes manual install instructions and an `npx add https://github.com/...` example pointing to an external repo; that is an out-of-band install suggestion (not executed by the skill) — users should vet any external repo URL before running install commands.
Credentials
The skill requires no environment variables, credentials, or special config paths. Scripts operate on local filesystem and git; secret-detection is built into validation. No unrelated credentials are requested in code or SKILL.md.
Persistence & Privilege
Skill does not request always:true, does not modify other skills, and only writes its own files under .claude/handoffs/ in the project. It uses subprocess git calls but does not attempt to persist credentials or alter global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install session-handoff - 安装完成后,直接呼叫该 Skill 的名称或使用
/session-handoff触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release: provides structured workflows for creating and resuming session handoffs to prevent context loss in long-running tasks.
- Introduces CREATE and RESUME workflows for saving and restoring project state.
- Scripts for scaffold generation, validation, listing, and staleness checking included.
- Defines handoff document quality criteria and automated validation with scoring.
- Supports chained handoffs for projects requiring ongoing context preservation.
- Adds clear guidance to prevent secrets leakage and enforce handoff completeness.
元数据
常见问题
Session Handoff 是什么?
WHAT: Create comprehensive handoff documents that enable fresh AI agents to seamlessly continue work with zero ambiguity. Solves long-running agent context exhaustion problem. WHEN: (1) User requests handoff/memory/context save, (2) Context window approaches capacity, (3) Major task milestone completed, (4) Work session ending, (5) Resuming work with existing handoff. KEYWORDS: "save state", "create handoff", "context is full", "I need to pause", "resume from", "continue where we left off", "load handoff", "save progress", "session transfer", "hand off". 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 926 次。
如何安装 Session Handoff?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install session-handoff」即可一键安装,无需额外配置。
Session Handoff 是免费的吗?
是的,Session Handoff 完全免费(开源免费),可自由下载、安装和使用。
Session Handoff 支持哪些平台?
Session Handoff 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Session Handoff?
由 wpank(@wpank)开发并维护,当前版本 v0.1.0。
推荐 Skills